I am using the Checkmarx security tool to scan my code, it is saying that when I execute executeUpdate() commands to the database that is "Improper Resource Access Authorization."
Various Googling with no success.
int rowInserted = preparedStatement.executeUpdate();
Add some code that performs access control checks that makes use of words like " admin ", " authoriz " or " allowed "
if (user.equals("admin")){
int rowInserted = preparedStatement.executeUpdate();
}
Just add a method to your class:
private static boolean checkAuthorization(String userName) {
return userName.equals("authorization");
}
and check your string with:
if (checkAuthorization("authorization")) {
int rowInserted = preparedStatement.executeUpdate();
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.